To Err is Human – so get robots to secure your data

[Updated February 2016]

Data breaches reached a new high this month with news that the US Government’s Office of Personnel Management was hacked not once but twice, putting the lives of many public employees, and especially spies, at serious risk. Not only did the breach release the private details that individuals had provided as part of security vetting (opening them up to coercion and blackmail), but it also allowed, by process of elimination, the identification of employees pretending to be boring government officials, who are therefore actually spies. Data breaches have also been responsible for the high-profile resignation of a number of CEOs, including Gregg Steinhafel at Target (where a data breach exposed information on 40 million customers).

No-one can be certain about the cause of some of these breaches, and we are not suggesting any level of incompetence, but it was interesting to read a recent report from CompTIA which found that human error accounts for 52% of the root causes of security breaches. The two biggest contributors were ‘failure to follow general policies and procedures’ (42%) and ‘general carelessness’ (42%).

To many, this sounds surprising and a little scary. But examined in detail, the opportunities for breaches, even in common processes, abound. A team of researchers carried out exactly this kind of examination in their paper ‘How significant is human error as a cause of privacy breaches? An empirical study and a framework for error management’ (Divakaran Liginlal, Inkook Sim, Lara Khansa).

The researchers looked at a process that many people will be familiar with: applying for a bank loan. As they state, “the first step in loan processing involves the collection of personal information. In most cases, the loan officer interrogates the customer and runs background checks to acquire supporting information. Many mistakes can happen here (e.g. an overzealous loan officer acquiring more information than allowed). Or, a slip might occur when the loan officer is distracted during data entry or data entry is designated to a less skilled subordinate. During processing, the collected information is stored and transferred. Such information may be erroneously disclosed during storage or transmission. For instance, the loan officer may discuss details of the application with the Approval Department in an open hall, overheard by other people. Or, when notifying a customer of the acceptance status, the mailing clerk may use a wrong mailing address and reveal sensitive personal information to the wrong recipient.”

When looked at in that level of detail, it’s clear there are considerable opportunities for human error to enter the process and cause a data breach.

So why have humans in the loop at all?

Technology exists today that can replicate the majority of the tasks required to process that loan application. Using Robotic Process Automation (RPA), ‘digital labor’ is able to carry out the process according to the proper procedure, without distraction, over-zealousness, under-skilling or any discussion in open forums. In other words, by taking the humans out of the process, the opportunities for ‘slips’ and ‘mistakes’ are reduced to almost zero, both in the decision-making stage (through defining the process to the right level of detail in the first place) and the execution stage.

This applies to any process that is rules-based, repetitive and has system interactions. RPA, once trained, will carry out the task repeatedly and consistently, logging every step as it does so. Automation technologies are already benefiting forward-thinking organizations through delivering significant cost savings, as well as increased quality, auditability and customer experience. And, who knows, the ability to provide high levels of security through error-free and auditable processes may just save a CEO or two their jobs.